WDS Windows 7 setup not obeying unattended.xml

[Cerulean]

Objectives:

• To have the entire Windows 7 Professional (64-bit) installation automated and zero-touch (except for the entering in of the license key and hostname
• The only tasks of a technician is to PXE boot the machine and enter in a hostname and license key
• We absolutely want to avoid setting up a reference VM and sysprepping; our RMM will handle post-OSD configuration automatically; WDS is responsible only for driver injections and automating the entire OSD
• To have a local administrative account .\tech created automatically

Problem:
Windows 7 setup is not obeying my unattended.xml

My setup of WDS:

1. Server CONTOSO-DC is domain controller for CONTOSO.COM with DNS and DHCP roles
2. Server CONTOSO-WDS is WDS server
3. PXE booting works with great success
4. Grabbed Windows 7 Professional ISO from company Microsoft VLSC, imported install.wim and boot.wim into WDS
5. Constructed unattend.xml using Windows SIM, modified properties of Windows 7 x64 install image to load my unattend.xml

Symptoms:

• WDS (WinPE?) asks me to set locale, keyboard, language, login with CONTOSO.COM\Administrator, and select image (I only have one image, it shouldn't ask me anything)
• OS setup asks me to set locale, keyboard, language
• OS setup asks me to select disk to install on
• Local user and administrative account 'tech' isn't created
• Hostname is not changed

unattended.xml:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Password>
                    <Value>tech</Value>
                    <PlainText>false</PlainText>
                </Password>
                <Enabled>true</Enabled>
                <LogonCount>1</LogonCount>
                <Username>tech</Username>
            </AutoLogon>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>3</ProtectYourPC>
            </OOBE>
            <UserAccounts>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>tech</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Group>Administrators</Group>
                        <Name>tech</Name>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-us</InputLocale>
            <SystemLocale>en-us</SystemLocale>
            <UILanguage>en-us</UILanguage>
            <UILanguageFallback>en-us</UILanguageFallback>
            <UserLocale>en-us</UserLocale>
        </component>
    </settings>
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SetupUILanguage>
                <UILanguage>en-US</UILanguage>
                <WillShowUI>OnError</WillShowUI>
            </SetupUILanguage>
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
            <UILanguageFallback>en-US</UILanguageFallback>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DiskConfiguration>
                <Disk wcm:action="add">
                    <CreatePartitions>
                        <CreatePartition wcm:action="add">
                            <Extend>true</Extend>
                            <Order>1</Order>
                            <Type>Primary</Type>
                        </CreatePartition>
                    </CreatePartitions>
                    <ModifyPartitions>
                        <ModifyPartition wcm:action="add">
                            <Active>true</Active>
                            <Extend>false</Extend>
                            <Format>NTFS</Format>
                            <Label>Windows</Label>
                            <Letter>C</Letter>
                            <Order>1</Order>
                            <PartitionID>1</PartitionID>
                        </ModifyPartition>
                    </ModifyPartitions>
                    <DiskID>0</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                </Disk>
                <WillShowUI>OnError</WillShowUI>
            </DiskConfiguration>
            <UserData>
                <AcceptEula>true</AcceptEula>
                <ProductKey>
                    <WillShowUI>Always</WillShowUI>
                </ProductKey>
            </UserData>
            <ImageInstall>
                <OSImage>
                    <InstallTo>
                        <DiskID>0</DiskID>
                        <PartitionID>1</PartitionID>
                    </InstallTo>
                    <InstallToAvailablePartition>false</InstallToAvailablePartition>
                    <WillShowUI>OnError</WillShowUI>
                </OSImage>
            </ImageInstall>
        </component>
        <WindowsDeploymentServices>
            <ImageSelection>
                <InstallTo>
                    <DiskID>0</DiskID>
                    <PartitionID>1</PartitionID>
                </InstallTo>
                <InstallImage>
                    <ImageGroup>Windows 7 x64</ImageGroup>
                    <ImageName>Windows 7 PROFESSIONAL</ImageName>
                </InstallImage>
            </ImageSelection>
            <Login>
                <Credentials>
                    <Password>testadmin</Password>
                    <Username>Administrator</Username>
                    <Domain>CONTOSO.COM</Domain>
                </Credentials>
            </Login>
        </WindowsDeploymentServices>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ComputerName>BENCH-*</ComputerName>
            <TimeZone>Central Standard Time</TimeZone>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="catalog:c:/imaging/win7/iso/sources/install_windows 7 professional.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

 

[SuperSubZero]

Since deployments are domain-sensitive (you can, and MS expects you to, add machines to the domain directly during deployment), it requires sufficient privs to do an install.

That said, the privs are totally controllable, by as far as I know, by default none, except the person doing the install has to exist somewhere, either in the domain or on the server's local user list. These will be put under the WindowsDeploymentServices section. As such: https://technet.microsoft.com/en-us/library/c026170e-40ef-4191-98dd-0b9835bfa580

Since you don't appear to have that, you are being asked for locale since it will be throwing up a login box and makes no assumption about what keyboard you have.

Get past that and we can get to the next part.

 

[bigdogchris]

Did you create the unattended xml using System Image Manager version that matches 7?

https://www.microsoft.com/en-us/download/details.aspx?id=5753

When troubleshooting unattended XML's I will usually start out with just a few settings, then build up from there and keep retesting after adding a few things. It takes a long time but it makes finding issues much easier.

 

[Cerulean]

Did you create the unattended xml using System Image Manager version that matches 7?

https://www.microsoft.com/en-us/download/details.aspx?id=5753

When troubleshooting unattended XML's I will usually start out with just a few settings, then build up from there and keep retesting after adding a few things. It takes a long time but it makes finding issues much easier.

Perhaps I have a version of WAIK that is messing this up. Initially I did use SIM to do this, but I still didn't have a great amount of success. I look forward to seeing how this goes with the link and advice you've given.

SuperSubZero: We're not joining any of these machines to CONTOSO.COM. If the technician must enter their credentials (or OSD exclusive credentials for this task), we'll make that exception. I'll review the resources you direct me to tomorrow. I need to go home!

Thanks guys!!

 

[Cerulean]

Starting from scratch with something simple. Objective: overcome the AD login prompt that pops up after PXE booting (the next screen allows you to select the image you want to use, and I only have one)

unattend.xml

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <WindowsDeploymentServices>
                <Login>
                    <Credentials>
                        <Domain>CONTOSO.COM</Domain>
                        <Password>Abc123!@#</Password>
                        <Username>bench</Username>
                    </Credentials>
                </Login>
            </WindowsDeploymentServices>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="wim:c:/imaging/windows7ultimate_20110512/sources/install.wim#Windows 7 PROFESSIONAL" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

It's not working. I'm still receiving the prompt. I've manually entered the credentials and they work, but I want to automate this step. I created the above XML in Windows SIM for Windows 7 from the link SuperSubZero provided.

 

[Cerulean]

Figured it out.

The problem was this: the WindowsPE pass of an answer file needs to bundle with the boot.wim that is transmitted to PXE clients. In WDS, you can specify an answer file for the boot.wim that is transmitted via the server properties. Right-click on the WDS server in the WDS MMC snap-in, select Properties, and go to the Client tab. This tab corresponds with the Boot tab where the boot.wim is specified.

Additionally, I could not get it to accept CONTOSO.COM domain credentials in the answer file. So, I created a local account 'benchlocal' on CONTOSO-WDS with password Abc123!@#. I modified the answer file as such:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
   <settings pass="windowsPE">
       <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <WindowsDeploymentServices>
               <Login>
                   <Credentials>
                       <Domain>CONTOSO-WDS</Domain>
                       <Password>Abc123!@#</Password>
                       <Username>benchlocal</Username>
                   </Credentials>
               </Login>
           </WindowsDeploymentServices>
       </component>
   </settings>
   <cpi:offlineImage cpi:source="wim:c:/imaging/windows7ultimate_20110512/sources/install.wim#Windows 7 PROFESSIONAL" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

There are two ways you can go about your answer file(s): either have a single XML answer file or have two (one for boot.wim / WDS server properties, and one for install.wim).

If you go the route of two answer files, you can have one named WDSClientUnattend.xml (boot.wim) and the other named OOBEUnattendedSetup.xml (install.wim). You can have the contents of both be merged into one file (just make sure the XML structure integrity is valid and correct), or separate them out into two files. When WinPE initializes, it will only read the relevant segment of the XML file that it needs, likewise when Windows Setup (install.wim) is doing its thing.

 

[SuperSubZero]

The annoying thing with WDS for me is the disk partitioning. In Windows Setup, if you delete all of the partitions and click Next, Windows will just create a default layout proper to the architecture and go on it's way. For an unattended setup, there is no magical "do that" parameter. You literally need to set the ENTIRE thing up, and if you have BIOS and UEFI machines, you need to set them BOTH up, and have separate files to control them.

For mine I left the disk partitioning stuff manual as a sanity check so we don't randomly boot some important machine on the imaging network and flatten it automatically.

 

[CrimsonKnight13]

I recommend getting the newest Windows 10 ADK & using the newest SIM within. Make sure to load the WIM and/or CLG files in sync with the unattend.xml you're using for the image. Once all have loaded, verify the validation text at the bottom.

Edit: read through instead of skimming, saw that it was resolved. Always good to validate the XML with the newest SIM though to avoid future headaches though.

 

[Cerulean]

The annoying thing with WDS for me is the disk partitioning. In Windows Setup, if you delete all of the partitions and click Next, Windows will just create a default layout proper to the architecture and go on it's way. For an unattended setup, there is no magical "do that" parameter. You literally need to set the ENTIRE thing up, and if you have BIOS and UEFI machines, you need to set them BOTH up, and have separate files to control them.

For mine I left the disk partitioning stuff manual as a sanity check so we don't randomly boot some important machine on the imaging network and flatten it automatically.

I observed that the same unattend.xml won't work for a UEFI machine. It gives this error message on a UEFI VM:

Works fine in BIOS VM.

I'll look into what you've said on disk partitioning as well - valid concern, and thank you for pointing it out! ;o

EDIT: As a result of research I'm considering to leave the DiskConfiguration out of the answer file making this an exception in automation - technician should interact and make sure this is setup right. According to [1] [2] [3] [4] EFI machines will require a different answer file with a DiskConfiguration section catered to EFI requirements. If we leave disk selection to the technician, this is a non-issue and we can use the same answer file.

 

[CrimsonKnight13]

Could you paste the disk config from the XML? I have an autounattend.xml that works fine with BIOS & UEFI for disk configuration.

 

[Dew]

Could you paste the disk config from the XML? I have an autounattend.xml that works fine with BIOS & UEFI for disk configuration.

Are you saying your autounattend will properly auto-wipe and partition for UEFI or BIOS mode automatically? If so, I really want to see your disk section.

 

[CrimsonKnight13]

Are you saying your autounattend will properly auto-wipe and partition for UEFI or BIOS mode automatically? If so, I really want to see your disk section.

I've built one for SCCM & another for unattended disc install (which I haven't used in a while).

Here is the disk configuration for the disc install to a legacy system. I built it with the newest Windows System Image Manager. If needed, I could build one for UEFI, but I have not done one that does both since that's taken care of by task sequence in SCCM. The whole idea could be translated to XML if you'd like. My bad for misspeaking earlier... I was thinking of my SCCM task sequence not the XML file.

            <DiskConfiguration>
                <Disk wcm:action="add">
                    <CreatePartitions>
                        <CreatePartition wcm:action="add">
                            <Order>1</Order>
                            <Type>Primary</Type>
                            <Size>500</Size>
                        </CreatePartition>
                        <CreatePartition wcm:action="add">
                            <Order>2</Order>
                            <Type>Primary</Type>
                            <Extend>true</Extend>
                        </CreatePartition>
                    </CreatePartitions>
                    <DiskID>0</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                    <ModifyPartitions>
                        <ModifyPartition wcm:action="add">
                            <Active>true</Active>
                            <Format>NTFS</Format>
                            <PartitionID>1</PartitionID>
                            <Order>1</Order>
                            <Label>System Reserved</Label>
                            <Extend>false</Extend>
                        </ModifyPartition>
                        <ModifyPartition wcm:action="add">
                            <Extend>false</Extend>
                            <Format>NTFS</Format>
                            <Label>Windows</Label>
                            <Letter>C</Letter>
                            <Order>2</Order>
                            <PartitionID>2</PartitionID>
                        </ModifyPartition>
                    </ModifyPartitions>
                </Disk>
                <WillShowUI>OnError</WillShowUI>
            </DiskConfiguration>

 

[Dew]

My bad for misspeaking earlier... I was thinking of my SCCM task sequence not the XML file.

I was hoping you had found a way for it to check within the autounattend.xml. I ended up stripping the partitioning section my autounattend that my helpdesk uses (mainly because I have not setup MDT, yet) so they can not have to worry about having the right usb drive.

 

[CrimsonKnight13]

I was hoping you had found a way for it to check within the autounattend.xml. I ended up stripping the partitioning section my autounattend that my helpdesk uses (mainly because I have not setup MDT, yet) so they can not have to worry about having the right usb drive.

I'll see what I can figure out today & get back with you on that. I wouldn't mind having a manual method available just in case something craps the bed on the SCCM task sequence.

Edit: It looks like you can only create an autounattend file to have either BIOS OR UEFI but not both at the same time since the SIM tool doesn't allow any variables to be checked between different disk configurations. So I guess that's a flop unless I actually find some evidence to point the other way.